Securely serving results of dynamic user-provided code over the web

US 9,826,017 B1
Filed: 03/08/2013
Issued: 11/21/2017
Est. Priority Date: 05/03/2012
Status: Active Grant

First Claim

Patent Images

1. A method of providing a result of executing unverified, potentially malicious, or untested code from a first server at a first network domain to a requesting device over an information-exchange network, the method comprising:

receiving, at the first server at the first network domain, a content request from the requesting device, the content request including a request for the result of executing the unverified, potentially malicious, or untested code;

executing the code at the first server at the first network domain to produce an output that includes the requested result;

sending the produced output to a second server at a second network domain by providing, to the requesting device, the produced output as part of a redirection instruction to the second server to prevent the executed code from accessing domain resources from the first network domain; and

delivering the provided produced output to the requesting device via the second server, wherein the second server processes the provided produced output and delivers the processed produced output to the requesting device to prevent harmful or unexpected results from being accessed by the requesting device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosure relates to a system and method where a first user may submit untested or unverified code to a first server, which code may be accessed by a user via a browser. The first server provides results of the executed code to a second server via a redirect request. The redirected output is then sent from the second server back to the user'"'"'s browser. For example, the results of the executed code can be returned to the user immediately without storage, such that malicious code embedded in a result of the executed code cannot access domain resources from the same domain as a URL associated with the executed code, and only the user requesting execution of the code can see the result.

35 Citations

View as Search Results

20 Claims

1. A method of providing a result of executing unverified, potentially malicious, or untested code from a first server at a first network domain to a requesting device over an information-exchange network, the method comprising:
- receiving, at the first server at the first network domain, a content request from the requesting device, the content request including a request for the result of executing the unverified, potentially malicious, or untested code;
  
  executing the code at the first server at the first network domain to produce an output that includes the requested result;
  
  sending the produced output to a second server at a second network domain by providing, to the requesting device, the produced output as part of a redirection instruction to the second server to prevent the executed code from accessing domain resources from the first network domain; and
  
  delivering the provided produced output to the requesting device via the second server, wherein the second server processes the provided produced output and delivers the processed produced output to the requesting device to prevent harmful or unexpected results from being accessed by the requesting device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the content request is an HTTP (hypertext transfer protocol) request for a URL (uniform resource locator) associated with a particular content item.
  - 3. The method of claim 1, wherein the redirection instruction includes redirection data that indicates a redirect along with information about where and how to access the requested result;
    - andwherein the step of delivering includes processing the redirection data and receiving the requested result based on the redirection data.
  - 4. The method of claim 1, wherein the step of delivering is performed by the second server, and wherein the step of delivering includes examining the provided produced output before sending the provided produced output to the requesting device.
  - 5. The method of claim 1, wherein the requesting device is equipped with a local storage;
    - andthe step of sending the produced output includes sending a script that includes a representation of the produced output from the first server to the local storage; and
      
      the step of delivering the provided produced output to the requesting device includes retrieving the produced output from the local storage for presentation on the requesting device.
  - 6. The method of claim 1, the method further comprising:
    - determining whether the requesting device is equipped with a local storage to store the produced output, wherein the step of determining is performed before the step of delivering;
      
      in response to a determination that the requesting device is equipped with the local storage to store the produced output,performing the step of sending by sending a script that includes a representation of the produced output from the first server to the local storage; and
      
      performing the step of delivering the provided produced output to the requesting device by retrieving the produced output from the local storage for presentation on the requesting device.
  - 7. The method of claim 2, wherein the step of sending the produced output is accomplished by producing an HTML page at the first server and including a Meta-Refresh tag in the produced HTML page, the Meta-Refresh tag redirecting the requesting device to the second server.
  - 8. The method of claim 6, wherein the content request is an HTTP (hypertext transfer protocol) request for a URL (uniform resource locator) associated with a particular content item;
    - andin response to a determination that the requesting device is not equipped with the local storage to store the produced output, performing the step of sending the produced output by producing an HTML page at the first server and including a Meta-Refresh tag in the produced HTML page, the Meta-Refresh tag redirecting the requesting device to the second server.
  - 9. The method of claim 2, wherein the step of sending is accomplished by posting the requested result of the executed code in a payload at the first server and redirecting the posted payload to the second server.
  - 10. The method of claim 9, wherein the second server examines the payload and returns the produced output to the requesting device as a response from the second network domain.

11. A non-transitory computer-readable medium having embodied thereon instructions which, when executed by a processor, cause the processor to perform a method of providing a result of executing unverified, potentially malicious, or untested code from a first server at a first network domain to a requesting device over an information-exchange network, the method comprising:
- receiving, at the first server at the first network domain, a content request from the requesting device, the content request including a request for the result of executing the unverified, potentially malicious, or untested code;
  
  executing the code at the first server at the first network domain to produce an output that includes the requested result;
  
  sending the produced output to a second server at a second network domain by providing, to the requesting device, the produced output as part of a redirection instruction to the second server to prevent the executed code from accessing domain resources from the first network domain; and
  
  delivering the provided produced output to the requesting device via the second server, wherein the second server processes the provided produced output and delivers the processed produced output to the requesting device to prevent harmful or unexpected results from being accessed by the requesting device.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The medium of claim 11, wherein the content request is an HTTP (hypertext transfer protocol) request for a URL (uniform resource locator) associated with a particular content item.
  - 13. The medium of claim 11, the method further comprising:
    - determining whether the requesting device is equipped with a local storage to store the produced output, wherein the step of determining is performed before the step of delivering;
      
      in response to a determination that the requesting device is equipped with the local storage to store the produced output,performing the step of sending by sending a script that includes a representation of the produced output from the first server to the local storage; and
      
      performing the step of delivering the provided produced output to the requesting device by retrieving the produced output from the local storage for presentation on the requesting device.
  - 14. The medium of claim 12, wherein the step of sending the produced output is accomplished by producing an HTML page at the first server and including a Meta-Refresh tag in the produced HTML page, the Meta-Refresh tag redirecting the requesting device to the second server.
  - 15. The medium of claim 13, wherein the content request is an HTTP (hypertext transfer protocol) request for a URL (uniform resource locator) associated with a particular content item;
    - andin response to a determination that the requesting device is not equipped with the local storage to store the produced output, performing the step of sending the produced output by producing an HTML page at the first server and including a Meta-Refresh tag in the produced HTML page, the Meta-Refresh tag redirecting the requesting device to the second server.
  - 16. The medium of claim 12, wherein the step of sending is accomplished by posting the requested result of the executed code in a payload at the first server and redirecting the posted payload to the second server.
  - 17. The medium of claim 16, wherein the second server examines the payload and returns the produced output to the requesting device as a response from the second network domain.

18. A system comprising:
- a processor; and
  
  a processor-readable memory having stored therein instructions which, when executed by the processor, cause the processor to perform a method of receiving a result of executing unverified, potentially malicious, or untested code from a first server at a first network domain at a requesting device over an information-exchange network, the method comprising;
  
  generating a content request from the requesting device to the first server at the first network domain, the content request including a request for the result of executing the unverified, potentially malicious, or untested code;
  
  sending an output, produced by execution of the code at the first server at the first network domain, that includes the requested result to a second server at a second network domain by providing, from the requesting device, the produced output as part of a redirection instruction to the second server to prevent the executed code from accessing domain resources from the first network domain; and
  
  receiving the provided produced output at the requesting device from the second server, wherein the second server processes the provided produced output and delivers the processed produced output to the requesting device to prevent harmful or unexpected results from being accessed by the requesting device.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18, wherein the processor is disposed within a mobile computing device, and wherein the content request is initiated by an application operating on the mobile computing device.
  - 20. The system of claim 18, wherein the processor-readable memory further includes a local storage disposed within the requesting device;
    - andthe step of sending the produced output includes receiving a script that includes a representation of the produced output from the first server at the requesting device and storing the received script in the local storage; and
      
      the step of receiving the provided produced output at the requesting device includes receiving an instruction from the second server to retrieve the produced output from the local storage for presentation on the requesting device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Goldfeder, Corey
Primary Examiner(s)
Christensen, Scott B
Assistant Examiner(s)
Do, Lam

Application Number

US13/791,231
Time in Patent Office

1,719 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/56   Computer malware detection ...

G06F 21/563   by source code analysis

G06F 21/566   Dynamic detection, i.e. det...

H04L 63/145   the attack involving the pr...

H04L 67/02   based on web technology, e....

H04L 67/563   Data redirection of data ne...

H04L 67/568   Storing data temporarily at...

Securely serving results of dynamic user-provided code over the web

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

35 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Securely serving results of dynamic user-provided code over the web

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links